Cheesy Aegean Squirrel
Medium
Incorrect MAX_TOTAL_FEES
constant value will cause excessive fee charges (up to 100% instead of 10%) for users as admins can set fees much higher than documented.
In EthosVouch.sol
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/57c02df7c56f0b18c681a89ebccc28c86c72d8d8/ethos/packages/contracts/contracts/EthosVouch.sol#L120
the constant MAX_TOTAL_FEES
is set to 10000 basis points (100%) while documentation explicitly states maximum total fees should not exceed 10%.
uint256 public constant MAX_TOTAL_FEES = 10000; // Allows 100% fees
This constant is used in checkFeeExceedsMaximum to assert that the total fee should be greater than this constant. Which in this case will allow fee to be more than 10%, it can reach to 99.99%
Admin needs to call any of this function setEntryProtocolFeeBasisPoints setEntryDonationFeeBasisPoints setEntryVouchersPoolFeeBasisPoints setExitFeeBasisPoints to set fees above 10%
No response
No response
Users could suffer up to a 90% higher loss of funds than documented through excessive fee settings. This dramatically changes the economics and trust assumptions of the protocol.
No response
uint256 public constant MAX_TOTAL_FEES = 1000; // 10% maximum